Making Sense of the Chaos
WHEN TO CONDUCT STRUCTURED AND UNSTRUCTURED THREAT HUNTS

Arun Warikoo, Head of Cyber Threat Intelligence, CIB Americas, BNP Paribas
Lee Archinal, Senior Threat Hunt Analyst, Intel 471

Meet the presenters

Arun Warikoo
- 15+ years in cyber security with a focus on threat intel, hunting and detection
- Chair of the FS-ISAC Threat Hunting Working Group
- Host of "Cyber from the Frontlines", a podcast available on Spotify and YouTube
- Researcher and innovator: patent on determining threat attribution with high confidence; publications on cyber criminal profiling and attribution

Lee Archinal
- 10+ years in IT, 6+ of them as a network admin
- United States Army
- 5 years in a SOC, 4 years in threat hunting
- Black Hat USA 23 and 24 trainer
- Conducts threat hunt workshops built around different MITRE ATT&CK tactics

Discussion points
1. What is threat hunting
2. What is a structured threat hunt
3. What is an unstructured threat hunt
4. Key takeaways

Threat Hunting 101
- What is threat hunting?
- Threat hunting methodology
- Why threat hunt
- Threat hunt outcomes

Threat hunt outcomes
Metrics are tough! A hunt can end successfully in more than one way:
- Found malice
- Confirmed visibility coverage
- Confirmed visibility gap
- Promoted hunt to detection
- Administrative issues

Structured Hunts

What is a structured threat hunt?
An intel-driven approach to detecting malicious activity, based on defined objectives and an established hypothesis.

Structured threat hunt outcomes
Improve security posture by detecting intrusions that were previously missed and by augmenting threat detection capabilities.

Key characteristics
- Hypothesis driven: built around a specific hypothesis about potential threats, derived from the current threat landscape, emerging threats, or analysis of past incidents.
- Defined objectives: clear goals for the hunt. What are we looking for: APTs, TTPs, malware?
- Repeatable: follows a well-defined methodology that can be repeated and refined over time.

STRUCTURED
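The following is an added example, not part of the presenters' slides, showing what the three characteristics of a structured hunt (hypothesis, defined objective, repeatable method) and the outcome taxonomy from the "Threat hunt outcomes" slide look like when written down as code. The hunt definition, the hypothesis about scheduled tasks spawned from Office, the parent-process allowlist and the log events are all constructed for illustration; the outcome logic encodes one point the slides only imply: if the log source the hypothesis needs is absent, the correct outcome is "visibility gap", not "no malice found".

```python
"""Structured threat hunt as a repeatable unit, graded with the slide's
outcome taxonomy. Added example; hunt content and events are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Iterable, List

# Outcome labels from the "Threat hunt outcomes" slide.
FOUND_MALICE = "Found malice"
VISIBILITY_COVERAGE = "Confirmed visibility coverage"
VISIBILITY_GAP = "Confirmed visibility gap"


@dataclass
class Event:
    source: str        # log source, e.g. "process_creation" (assumed name)
    host: str
    user: str
    image: str         # full path of the created process
    parent_image: str  # full path of the parent process
    command_line: str


@dataclass
class StructuredHunt:
    name: str
    hypothesis: str
    objective: str        # defined objective: here an ATT&CK technique
    required_source: str  # data source the hypothesis can only be tested on
    query: Callable[[Event], bool]


@dataclass
class HuntResult:
    outcome: str
    hits: List[Event] = field(default_factory=list)
    promote_to_detection: bool = False


def run_hunt(hunt: StructuredHunt, events: Iterable[Event]) -> HuntResult:
    """Run the hunt's query over events from its required source and grade
    the result. Same hunt, same grading, every time it is re-run."""
    in_scope = [e for e in events if e.source == hunt.required_source]
    # No events at all from the required source: we learned about a logging
    # gap, not about the absence of the adversary.
    if not in_scope:
        return HuntResult(outcome=VISIBILITY_GAP)
    hits = [e for e in in_scope if hunt.query(e)]
    if hits:
        # A query that produced true positives is a candidate to be promoted
        # into a standing detection; the analyst still confirms each hit.
        return HuntResult(outcome=FOUND_MALICE, hits=hits,
                          promote_to_detection=True)
    # Data was present and the query ran clean: coverage is confirmed.
    return HuntResult(outcome=VISIBILITY_COVERAGE)


# Constructed hypothesis: persistence via scheduled task (ATT&CK T1053.005)
# created directly by an Office application, which administrators do not do.
# Both sets below are assumptions for the example, not a vetted allowlist.
TRUSTED_PARENTS = {
    r"c:\windows\system32\services.exe",
    r"c:\windows\system32\svchost.exe",
}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}


def office_spawned_schtasks(e: Event) -> bool:
    """True for schtasks.exe /create whose parent is an Office binary."""
    image = e.image.lower()
    parent = e.parent_image.lower()
    if not image.endswith(r"\schtasks.exe"):
        return False
    if "/create" not in e.command_line.lower():
        return False
    if parent in TRUSTED_PARENTS:
        return False
    return parent.rsplit("\\", 1)[-1] in OFFICE_PARENTS


HUNT = StructuredHunt(
    name="Office-spawned scheduled task",
    hypothesis="Adversaries gaining execution through malicious Office "
               "documents create scheduled tasks directly from the Office "
               "process to persist.",
    objective="T1053.005 Scheduled Task",
    required_source="process_creation",
    query=office_spawned_schtasks,
)

# Constructed sample events: one benign task creation by a service, one
# Office-spawned task creation, the Word process itself, and an unrelated
# authentication event that the hunt must ignore.
SAMPLE_EVENTS = [
    Event("process_creation", "wks01", r"CORP\svc_backup",
          r"C:\Windows\System32\schtasks.exe",
          r"C:\Windows\System32\svchost.exe",
          'schtasks.exe /Create /TN "Backup" /SC DAILY /TR backup.exe'),
    Event("process_creation", "wks02", r"CORP\jdoe",
          r"C:\Windows\System32\schtasks.exe",
          r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
          'schtasks.exe /Create /SC MINUTE /MO 5 /TN "Updater" '
          '/TR "C:\\Users\\Public\\u.exe"'),
    Event("process_creation", "wks02", r"CORP\jdoe",
          r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
          r"C:\Windows\explorer.exe", "WINWORD.EXE invoice.docm"),
    Event("authentication", "dc01", r"CORP\jdoe", "", "", "logon type 3"),
]


if __name__ == "__main__":
    result = run_hunt(HUNT, SAMPLE_EVENTS)
    print(HUNT.name, "->", result.outcome)
    for hit in result.hits:
        print("  ", hit.host, hit.user, hit.command_line)
```

Re-running `run_hunt` with the same hunt definition against next month's events is what makes the hunt repeatable; feeding it only events from hosts that forward no process-creation telemetry is how the same code surfaces a visibility gap rather than a false "clean" result.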